
1:1 NAT - Overlay Network

Hello,

On my UTM (v9.705), the LAN 172.22.0.0/16 is connected on interface ETH4. The IP on ETH4 is 172.22.0.254.

For some reasons, this LAN is not reachable from our Office LAN (10.10.10.0/24). Only 10.0.0.0/8 is routed to this firewall.

My idea was to do a 1:1 NAT (whole networks) on this firewall. Let's say my overlay net is 10.222.0.0/16.

For this I added an additional Network on

ETH4 with 10.222.0.254/16

and

1:1 NAT Rule

any, any to 10.222.0.0/16, Destination MAP, Mapped to 172.22.0.0/16

I thought this should work.

On the firewall I can ping 172.22.50.1, but not 10.222.50.1.

Why?

Can anyone help me?

Guenter
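The network-to-network mapping described above, worked through as an added example (this is not code from the thread or from Sophos). It uses the addresses the post gives: overlay 10.222.0.0/16 mapped to the real LAN 172.22.0.0/16, and a host 10.222.50.1 that should reach 172.22.50.1. The `Packet` class and the `origin` field are assumptions made for the model; in particular the rule is modelled, like a netfilter PREROUTING DNAT, as applying only to traffic that arrives on an interface and not to packets the firewall itself originates, which is why a ping run on the firewall does not exercise such a rule in this model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Packet:
    # Hypothetical packet model for the example: source, destination, and where
    # the packet came from ("forward" = arrived on an interface, "local" = the
    # firewall itself generated it, e.g. a ping typed on the UTM console).
    src: str
    dst: str
    origin: str = "forward"


def map_one_to_one(addr, from_net, to_net):
    """Translate addr from one network to the same host offset in the other.

    Returns None when addr is outside from_net (the rule would not match).
    A 1:1 network map needs two networks of the same size, since the host
    bits are carried over unchanged.
    """
    addr = ip_address(addr)
    from_net = ip_network(from_net)
    to_net = ip_network(to_net)
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("1:1 NAT requires equal-sized networks")
    if addr not in from_net:
        return None
    host_bits = int(addr) - int(from_net.network_address)
    return ip_address(int(to_net.network_address) + host_bits)


def apply_destination_map(pkt, overlay, real):
    """Model of the thread's rule: any source, destination in the overlay
    network, destination mapped to the real network.

    Assumption (not stated in the thread): the map is applied to forwarded
    packets only, the way a PREROUTING DNAT behaves; locally generated
    packets pass through untouched.
    """
    if pkt.origin != "forward":
        return pkt
    mapped = map_one_to_one(pkt.dst, overlay, real)
    if mapped is None:
        return pkt
    return Packet(pkt.src, str(mapped), pkt.origin)


def apply_reply_map(pkt, overlay, real):
    """Reverse translation for the return path: a reply from a real-LAN host
    gets its source rewritten back into the overlay network, so the office
    client sees the address it originally spoke to."""
    mapped = map_one_to_one(pkt.src, real, overlay)
    if mapped is None:
        return pkt
    return Packet(str(mapped), pkt.dst, pkt.origin)


if __name__ == "__main__":
    OVERLAY, REAL = "10.222.0.0/16", "172.22.0.0/16"
    # Constructed sample traffic: an office client talking to the overlay address.
    req = Packet("10.10.10.5", "10.222.50.1")
    print(apply_destination_map(req, OVERLAY, REAL))            # dst -> 172.22.50.1
    rep = Packet("172.22.50.1", "10.10.10.5")
    print(apply_reply_map(rep, OVERLAY, REAL))                  # src -> 10.222.50.1
    # A ping issued on the firewall itself is locally generated and is not mapped.
    local = Packet("172.22.0.254", "10.222.50.1", origin="local")
    print(apply_destination_map(local, OVERLAY, REAL))          # unchanged
```

Because `map_one_to_one` only carries the host bits across, the mapping is exact for any two equal-sized networks; the size question raised later in the thread (whether a /16 is too large for the rule) is a question about the product, not about the arithmetic, and this model does not answer it.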



  • FormerMember

    Hi,

    As mentioned, a route for only the 10.0.0.0/8 network is added from the Office LAN network 10.10.10.0/24.

    You'd like to access the 172.22.0.0/16 network from the Office LAN. To achieve this you've added a 1:1 NAT and have mapped requests coming to the 10.222.0.0/16 destination network on the firewall to 172.22.0.0/16 (Map Destination).

    If this is the requirement then no need to add an additional network on eth4 interface.

    Please correct me if I'm wrong. Also please share a snapshot of a rough network diagram, NAT rule, and firewall rule.

  • Hello,

    yes, you are right. But the 1:1 NAT rule does not match. So the hosts with the mapped IP (10.222.0.0/16) are not reachable.

    What can I do?

    Is there a fully working example somewhere?

    Guenter

  • Hello Günter,

    I'm confused by your subnets. A 10.0.0.0/8 definition is so broad that it could be causing problems. Can you restrict that somewhat?

    I'm also confused by the use of "Any IPv4" in your NAT rule.

    A simple diagram with subnets noted would make this situation easier to understand.

    I don't think I've ever used a 1:1 NAT with more than a /22. Yash, can you confirm that 1:1 NATs can handle /16 subnets?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA